To Next Page

To Previous Page

Introduction

1-7

1.1.10.1 Kerberos Authentication

Authentication is a means of verifying information transmitted from a secure source. If information is

authentic, you know who created it and you know it has not been altered in any way since it was

originated. Authentication entails a network administrator employing a software “supplicant” on

their computer or wireless device.

Authentication is critical for the security of any wireless LAN device. Traditional authentication

methods are not suitable for use in wireless networks where an unauthorized user can monitor

network traffic and intercept passwords. The use of strong authentication methods that do not

disclose passwords is necessary. The access point uses the Kerberos authentication service protocol

(specified in RFC 1510) to authenticate users/clients in a wireless network environment and to

securely distribute the encryption keys used for both encrypting and decrypting.

A basic understanding of RFC 1510 Kerberos Network Authentication Service (V5) is helpful in

understanding how Kerberos works. By default, WLAN devices operate in an open system network

where any wireless device can associate with an AP without authorization. Kerberos requires device

authentication before access to the wired network is permitted.

For detailed information on Kerbeors configurations, see Configuring Kerberos Authentication on

page 6-8.

1.1.10.2 EAP Authentication

The Extensible Authentication Protocol (EAP) feature provides access points and their associated

MUs an additional measure of security for data transmitted over the wireless network. Using EAP,

authentication between devices is achieved through the exchange and verification of certificates.

EAP is a mutual authentication method whereby both the MU and AP are required to prove their

identities. Like Kerberos, the user loses device authentication if the server cannot provide proof of

device identification.

Using EAP, a user requests connection to a WLAN through the access point. The access point then

requests the identity of the user and transmits that identity to an authentication server. The server

prompts the AP for proof of identity (supplied to the by the user) and then transmits the user data

back to the server to complete the authentication process.

An MU is not able to access the network if not authenticated. When configured for EAP support, the

access point displays the MU as an EAP station.

Motorola AP-7131 User Manual

Other manuals for Motorola AP-7131